Monthly Archives: August 2010

When processing an Apple device, check the files located in /private/var/mobile/Library/WebKit/Databases. The Databases.db file is a SQLite database file that contains a listing of databases. This file can include (https) Google Mail and Yahoo Mail. The corresponding file name … Continue reading →

OK, so we left off talking about the examiner's process and now are going to move on to the actual processing of the device itself. I will generically talk about some key points I like to cover in my courses. … Continue reading →

Greetings all you followers of MFI Bloggingness (if that is a word, if not I call it). This comes to you from about 39,000 feet, my frequent abode and resting place for bloggingness. I wanted to drop a line about … Continue reading →

If you use software such as BlackBerry Desktop Software and iTunes to create back-up files, always test new versions to verify the settings. Recently, newer versions have had changes to the default settings. You do not want to find your contacts … Continue reading →

An iPhone 3G was received for analysis. The owner had reportedly taken video of an assault and subsequently deleted the video. The device was user jailbroken and had the “Cycorder” app installed. This app uses the onboard still camera with … Continue reading →

In processing a Samsung SCH-U740 it was found to have a lock code enabled. Utilizing BitPim's File-system view I was able to obtain the file-system and hopefully the lock code in the normal areas of nvm_0002, nvm_security etc. In examining … Continue reading →

Let's talk about phones! Of course the first step should ALWAYS be to isolate the handset from the cellular network, but the most important step when EXAMINING the cellular device: FILESYSTEM, FILESYSTEM, FILESYSTEM. Did I say filesystem? The filesystem, if available, … Continue reading →

This blogging will be quite interesting and I think might help express the ideas and theories I always yell at students about in class (sorry students but passion is passion). I think I will start a series on process. Let’s … Continue reading →

Hey, we have started the MFI 303 course where we cover grabbing some serious artifacts from the cellphone filesystems. Do you know that the majority of cellular extraction tools only parse out about 40% of actual data? What I mean … Continue reading →

Welcome to the Mobile Forensics Inc blog. I think this may be a way for me to stay on top of any issues that I might run into. Our Newsletter has been a bit backlogged just because of the crazy … Continue reading →